CVE-2024-12987

all versions

A vulnerability, which was classified as critical, was found in DrayTek Vigor2960 and Vigor300B 1.5.1.4. Affected is an unknown fu

7.3HIGH

CVE-2024-12986

>= 1.5.1.3 and < 1.5.1.5

A vulnerability, which was classified as critical, has been found in DrayTek Vigor2960 and Vigor300B 1.5.1.3/1.5.1.4. This issue a

7.3HIGH

CVE-2024-48074

all versions

An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious comm

8.0HIGH

CVE-2024-43027

< 1.5.1.5

DrayTek Vigor 3900 before v1.5.1.5_Beta, DrayTek Vigor 2960 before v1.5.1.5_Beta and DrayTek Vigor 300B before v1.5.1.5_Beta were

8.0HIGH

CVE-2023-6265

all versions

UNSUPPORTED WHEN ASSIGNED Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction

6.5MEDIUM

CVE-2023-24229

all versions

DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operatin

7.8HIGH

CVE-2023-1163

all versions

UNSUPPORTED WHEN ASSIGNED A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5 and classified as critical. A

6.5MEDIUM

CVE-2023-1162

all versions

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5

7.2HIGH

CVE-2023-1009

all versions

UNSUPPORTED WHEN ASSIGNED A vulnerability classified as critical has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affec

6.5MEDIUM

CVE-2021-43118

all versions

A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900 1.5.1.3, and DrayTek Vigor 300B

9.8CRITICAL

CVE-2021-42911

<= 1.5.1.3

A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5.1.3, and DrayTek Vigor 300B <= 1.

9.8CRITICAL

CVE-2020-19664

<= 1.5.1

DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi.

8.8HIGH

CVE-2020-15415

< 1.5.1

On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command e

9.8CRITICAL

CVE-2020-14473

< 1.5.1.1

Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1.1.

9.8CRITICAL

CVE-2020-14472

< 1.5.1.1

On Draytek Vigor3900, Vigor2960, and Vigor 300B devices before 1.5.1.1, there are some command-injection vulnerabilities in the ma

9.8CRITICAL

CVE-2020-14993

< 1.5.1.1

A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices before 1.5.1.1 allows remote attackers to exe

9.8CRITICAL

CVE-2020-10828

< 1.5.1

A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers

9.8CRITICAL

CVE-2020-10827

< 1.5.1

A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers

9.8CRITICAL

CVE-2020-10826

< 1.5.1

/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve comma

9.8CRITICAL

CVE-2020-10825

< 1.5.1

A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and

9.8CRITICAL

CVE-2020-10824

< 1.5.1

A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B dev

9.8CRITICAL

CVE-2020-10823

< 1.5.1

A stack-based buffer overflow in /cgi-bin/activate.cgi through var parameter on Draytek Vigor3900, Vigor2960, and Vigor300B device

9.8CRITICAL

CVE-2020-8515

all versions

DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote co

9.8CRITICAL